Forensics CD Toolkit for FreeBSD
Joe Warner
rootman22 at comcast.net
Sun Aug 3 20:09:36 PDT 2003
On Sunday 03 August 2003 04:33 pm, Barney Wolff wrote:
> On Sun, Aug 03, 2003 at 12:59:31PM -0600, Joe Warner wrote:
> > > 4. You should investigate The Coroner's Toolkit, available (free)
> > > from porcupine.org to really do forensics work. It comes from
> > > Dan Farmer & Wiese Venema, who need no endorsement from me.
> > > I've used it (on Solaris) with very gratifying results.
> >
> > Yes, I've seen that all over the place from my searches on Google but I
> > was hesitant about going any further with that because it said it's only
> > been tested on FreeBSD 2.2.1, 3.4, and 4.4
>
> It should run on any 4- FreeBSD version. The parts of it that need to
> understand file system formats will likely not be happy with 5.x's UFS2,
> but that's not an issue for 4.x.
>
> > Do you think I can run TCT from a CD?
>
> Sure.
Ok great, that's what I needed.
Thanks for your help and quick responses!
Joe
More information about the freebsd-stable
mailing list